CN113992571A - Multi-path service convergence method, device and storage medium in SDN network - Google Patents


Publication number
CN113992571A
Authority
CN
China
Prior art keywords
vbgp
component
flow table
route
virtual switch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111148937.XA
Other languages
Chinese (zh)
Other versions
CN113992571B (en)
Inventor
赵晶晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by New H3C Big Data Technologies Co Ltd
Priority to CN202111148937.XA
Publication of CN113992571A
Application granted
Publication of CN113992571B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/28 Routing or path finding of packets in data switching networks using route fault recovery
    • H04L45/74 Address processing for routing
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H04L49/70 Virtual switches

Abstract

The invention provides a multi-path service convergence method, device and storage medium in an SDN (software-defined network), which are used to solve the technical problem of multi-path service convergence in the SDN. In the invention, an SDN controller monitors alarm messages of a vBGP component. When a fault related to the vBGP component causes BGP routing information synchronization to become abnormal, the SDN controller actively issues an escape flow table to a virtual switch, so that all forwarding flow tables on the virtual switch that were generated from vBGP routes are invalidated and all east-west service traffic is forwarded by an egress gateway through the escape flow table. This avoids the situation in which part of the east-west service traffic is cut off because the equal-cost multi-path forwarding flow table on the virtual switch cannot be updated and converged in time while the vBGP component is faulty, and allows east-west multi-path services to converge on a normal virtual machine through the egress gateway.

Description

Multi-path service convergence method, device and storage medium in SDN network
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a multipath service convergence method, apparatus, and storage medium in an SDN network.
Background
In network Overlay networking, tunnel encapsulation is done by physical switches. The networking scheme has the advantages that the forwarding performance of the physical network equipment is high, and networking intercommunication among non-virtualized physical servers can be supported.
In the host Overlay networking, the virtual device is used as an edge device of the Overlay network. The networking scheme is suitable for a server virtualization scene and supports mainstream Hypervisor platforms such as KVM and CAS.
Hybrid Overlay refers to a scenario in which the network contains both an OVS (OpenFlow virtual switch) and a hardware switch (Leaf). Hybrid Overlay networking supports the network Overlay and the host Overlay at the same time, and supports services such as accessing a virtualized server, accessing a non-virtualized physical server, and using a database on a physical server to improve performance. The hybrid Overlay is an overall Overlay solution and gives customers autonomous and diversified choices.
In the early days of Ethernet Virtual Private Network (EVPN), a virtualized switch (vSwitch) could not process Border Gateway Protocol (BGP) EVPN routes, so a hybrid Overlay under EVPN networking could not be implemented and user networking was greatly limited. Against this background, it has become an inevitable trend for Software Defined Network (SDN) controller manufacturers to implement a hybrid Overlay function under EVPN networking so that traffic between the network Overlay and the host Overlay can interwork, which solves the problem that users in the early EVPN period could not deploy virtual switch access and physical switch access at the same time.
SDN technology has brought an unprecedented revolution to networks, but for the network itself, reliability remains users' greatest concern. In SDN hybrid Overlay networking, a virtual Border Gateway Protocol (vBGP) component (with BGP route analysis capability) establishes a BGP neighbor relationship with a Route Reflector (RR) device and collects EVPN routes from the RR device. The vBGP component reports the collected EVPN routes to an SDN controller, and the SDN controller converts the received EVPN routes into corresponding flow tables and sends them to a virtual switch (vSwitch) to guide its forwarding.
However, once the vBGP component fails, if the multipath load-balancing route changes during the failure, the route on the virtual switch (vSwitch) cannot converge, and service traffic is still sent to an abnormal path or virtual machine, resulting in service interruption.
Disclosure of Invention
In view of this, the present invention provides a multipath service convergence method, device and storage medium in an SDN network, which are used to solve the technical problem of multipath service convergence in the SDN network.
According to one aspect of the embodiments of the present invention, the present invention provides a multipath service convergence method in an SDN network, applied to a software-defined network (SDN) controller, where the SDN controller synchronizes routing information from a virtual Border Gateway Protocol (vBGP) component, and a first virtual switch, a second virtual switch, and an egress gateway are interconnected through a large two-layer network. The method includes:
the SDN controller monitors the state of the vBGP component;
when a vBGP component fault is detected, the SDN controller issues an escape flow table to the first virtual switch, where the escape flow table is used to forward east-west service traffic destined for the second virtual switch to the egress gateway, and the egress gateway sends that traffic to the second virtual switch;
when the SDN controller detects that the vBGP component has returned to normal, that route synchronization between the SDN controller and the vBGP component is complete, and that flow table synchronization between the SDN controller and the first virtual switch is complete, the SDN controller instructs the first virtual switch to delete the escape flow table, so that east-west service traffic destined for the second virtual switch is forwarded directly by the first virtual switch through the large two-layer network.
Further, the method further comprises:
before the vBGP component fails, the routes that the SDN controller synchronizes from the vBGP component include an equal-cost multi-path route of a destination Virtualized Network Function (VNF) reported from the egress gateway or a route reflector, the destination VNF being located on the side of the second virtual machine; the SDN controller issues a flow table for the equal-cost multi-path route of the destination VNF to the first virtual switch according to the route reported by the vBGP component;
after the vBGP component returns to normal, the routes that the SDN controller synchronizes from the vBGP component include the converged equal-cost multi-path route of the destination VNF; the converged equal-cost multi-path route is generated by the egress gateway when it detects a virtual machine failure in the destination VNF during the vBGP component failure.
Furthermore, the flow tables issued by the SDN controller to the first virtual switch are divided into flow tables generated according to routes reported by the vBGP component and flow tables not generated according to routes reported by the vBGP component;
the priority of the escape flow table is higher than that of the flow tables generated according to routes reported by the vBGP component and lower than that of the flow tables not generated according to routes reported by the vBGP component.
Further, the egress gateway detects whether a virtual machine in the destination VNF has failed by means of Bidirectional Forwarding Detection (BFD);
the large two-layer network is a Virtual eXtensible Local Area Network (VXLAN).
According to another aspect of the embodiments of the present invention, the present invention further provides a multipath service convergence apparatus in an SDN network, applied to a software-defined network (SDN) controller, where the SDN controller synchronizes routing information from a virtual Border Gateway Protocol (vBGP) component, and a first virtual switch, a second virtual switch, and an egress gateway are interconnected through a large two-layer network. The apparatus includes:
a synchronization module, used for synchronizing routes from the vBGP component and generating flow tables based on the routes reported by the vBGP component, so as to synchronize flow tables with the virtual switch;
a monitoring module, used for monitoring the state of the vBGP component;
an escape flow table issuing module, used for issuing an escape flow table to the first virtual switch when a vBGP component fault is detected, where the escape flow table is used to forward east-west service traffic destined for the second virtual switch to the egress gateway, and the egress gateway sends that traffic to the second virtual switch;
and an escape flow table deleting module, used for instructing the first virtual switch to delete the escape flow table after detecting that the vBGP component has returned to normal, that route synchronization between the SDN controller and the vBGP component is complete, and that flow table synchronization between the SDN controller and the first virtual switch is complete, so that east-west service traffic destined for the second virtual switch is forwarded directly by the first virtual switch through the large two-layer network.
Further, before the vBGP component fails, the routes that the synchronization module synchronizes from the vBGP component include an equal-cost multi-path route of a destination virtualized network function (VNF) reported from the egress gateway or a route reflector, where the destination VNF is located on the second virtual machine side; the synchronization module issues a flow table for the equal-cost multi-path route of the destination VNF to the first virtual switch according to the route reported by the vBGP component;
after the vBGP component returns to normal, the routes that the synchronization module synchronizes from the vBGP component include the converged equal-cost multi-path route of the destination VNF; the converged equal-cost multi-path route is generated by the egress gateway when it detects a virtual machine failure in the destination VNF during the vBGP component failure.
Furthermore, the flow tables issued by the synchronization module to the first virtual switch are divided into flow tables generated according to routes reported by the vBGP component and flow tables not generated according to routes reported by the vBGP component;
the priority of the escape flow table is higher than that of the flow tables generated according to routes reported by the vBGP component and lower than that of the flow tables not generated according to routes reported by the vBGP component.
Further, the egress gateway detects whether a virtual machine in the destination VNF has failed by means of Bidirectional Forwarding Detection (BFD);
the large two-layer network is a Virtual eXtensible Local Area Network (VXLAN).
In the invention, an SDN controller monitors alarm messages of a vBGP component. When a fault related to the vBGP component causes BGP routing information synchronization to become abnormal, the SDN controller actively issues an escape flow table to a virtual switch, so that all forwarding flow tables on the virtual switch that were generated from vBGP routes are invalidated and all east-west service traffic is forwarded by an egress gateway through the escape flow table. This avoids the situation in which part of the east-west service traffic is cut off because the equal-cost multi-path forwarding flow table on the virtual switch cannot be updated and converged in time while the vBGP component is faulty, and allows east-west multi-path services to converge on a normal virtual machine through the egress gateway.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments of the present invention or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and for those skilled in the art, other drawings may be obtained according to the drawings of the embodiments of the present invention.
Fig. 1 is a diagram illustrating a networking structure of a multi-path service of an SDN network according to an embodiment of the present invention;
fig. 2 is an exemplary diagram of service convergence under a normal condition of a vBGP component in an SDN network according to an embodiment of the present invention;
fig. 3 is an exemplary diagram of network states when a vBGP component in an SDN network and a virtual machine in a VNF fail successively in an embodiment of the present invention;
fig. 4 is a schematic flowchart illustrating steps of a multi-path service convergence method for an SDN network according to an embodiment of the present invention;
fig. 5 is a schematic diagram illustrating a process of issuing an escape flow table to a virtual switch by an SDN controller according to an embodiment of the present invention;
fig. 6 is a schematic diagram of load balancing service convergence during a failure of a vBGP component in an SDN network according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a multi-path service convergence apparatus for an SDN network according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the invention. As used in this embodiment of the invention, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used to describe various information in embodiments of the present invention, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of embodiments of the present invention. Moreover, depending on the context, the word "if" as used may be interpreted as "at …" or "when …" or "in response to a determination".
Fig. 1 is a diagram illustrating a networking structure of an SDN network multipath service according to an embodiment of the present invention. The networking structure uses an asymmetric forwarding model: the route carries the original next hops, traffic is iterated to the IP address of the corresponding virtual machine (VM), and load sharing is performed according to the number of real next hops of the route. A next-hop Bidirectional Forwarding Detection (BFD) function is enabled at the same time. When a virtual machine fails, the SDN controller senses the BFD state of the route and refreshes the OpenFlow table entries, so that service traffic is switched from the failed virtual machine to the other load-sharing virtual machines.
In the networking structure illustrated in Fig. 1, virtual switches (e.g., vSwitch1 and vSwitch2) and gateways (e.g., SDN_GW1 and SDN_GW2) are interconnected by a two-layer technology, namely Virtual eXtensible Local Area Network (VXLAN). Traffic exchanged by a mobile terminal (e.g., a mobile phone) via a Virtual Network Function (VNF) and the Internet is called north-south traffic. VNF1 and VNF2 are two virtual servers providing service functions, and each includes a plurality of virtual machines to implement load sharing of a service. Traffic between VNF1 and VNF2 is referred to as east-west traffic. To load-balance north-south and east-west traffic, the user needs a load-sharing function between the SDN-GW gateway and the virtual switch (vSwitch) in the SDN network. The specific processing flow is as follows:
1) Virtual machines VM5 and VM6 in VNF2 come online. Through the OpenFlow protocol, the SDN controller issues the MAC forwarding flow tables and IP forwarding flow tables of VM5 and VM6 to the virtual switches (OVS, OpenFlow virtual switch), such as vSwitch1 and vSwitch2, converts the information of VM5 and VM6 into EVPN routes, and advertises the EVPN routes to a route reflector RR (a gateway in the figure may serve as the RR);
2) After receiving the route, the SDN-GW gateway adds the MAC and IP addresses of VM5 and VM6 to an Address Resolution Protocol (ARP) entry;
3) The IP address with which VM5 and VM6 in VNF2 provide services externally is IP1, a service IP address configured in VNF2. To load-share service traffic on VNF2 between VM5 and VM6, the user configures static routes. Examples of the static routes received by the SDN controller are as follows:
destination IP: IP1, next hop IP: VM5 IP, start BFD
destination IP: IP1, next hop IP: VM6 IP, start BFD
VM5 and VM6 use the same service IP address, and configuring equal-cost routes directs service traffic to both VM5 and VM6.
4) The SDN controller issues the user-configured static routes, which carry the original next hop, BFD and other related configuration, to the SDN_GW gateway;
5) The SDN_GW gateway sends BFD echo messages to each next hop separately.
An example of the BFD echo messages sent by gateway SDN_GW1 to VM5 and VM6 is as follows:
the destination IP is GW_IP1, the destination MAC is the VM5 MAC, the VXLAN ID is the L2VNI of VM5, and the message is sent to vSwitch2;
the destination IP is GW_IP1, the destination MAC is the VM6 MAC, the VXLAN ID is the L2VNI of VM6, and the message is sent to vSwitch2;
The BFD echo message format specifies the sender as the destination IP. On this basis, the destination end bounces the message back after receiving it, and the gateway can judge whether the path is normal once it receives the bounced BFD echo message.
6) After the BFD detection message reaches the destination vSwitch2, vSwitch2 matches a forwarding flow table according to the destination MAC and sends the message to the corresponding virtual machine VM5 or VM6;
7) After receiving the BFD echo message, virtual machine VM5 or VM6 looks up the routing table entry of the VNF network element virtual machine and bounces the BFD echo message back;
8) vSwitch2 receives the BFD bounce message sent by the virtual machine (the destination IP is GW_IP1, the address of the distributed gateway SDN_GW1, and the destination MAC is the MAC of SDN_GW1), matches the default flow table, and sends the message to gateway SDN_GW1;
9) After receiving the BFD bounce message, gateway SDN_GW1 sets the BFD session state to UP and validates the static routing table entries for VM5 and VM6 sent by the SDN controller; the two routing table entries form an equal-cost route. At the same time, the gateway advertises the Type 5 network-segment routes corresponding to the routing table entries to the vBGP component.
10) After receiving the Type 5 routes, the vBGP component notifies the SDN controller, and the controller issues the equal-cost multi-path (ECMP) table entry for IP1 in VNF2 on vSwitch2, with next hops VM5 and VM6.
11) If VM5 in VNF2 fails, gateway SDN_GW1 cannot receive the BFD response packet from VM5, the BFD session state is set to Down, and the route (destination IP: IP1, next-hop IP: VM5 IP) becomes invalid; the gateway notifies the vBGP component of the route withdrawal;
12) After receiving the route withdrawal message, the vBGP component notifies the SDN controller, and the controller modifies the flow table on vSwitch2, changing the next hop of the ECMP table entry whose destination address is IP1 to the normal VM6. At this point, traffic from other virtual machines accessing IP1 converges on VM6.
Fig. 2 is an exemplary diagram of service convergence when the vBGP component in an SDN network is normal, according to an embodiment of the present invention. When the vBGP component and the SDN controller are both normal and the links between the SDN controller and the gateway and virtual switch are normal, north-south traffic and east-west traffic converge on the normal virtual machine VM6 in VNF2 when VM5 fails.
Fig. 3 is an exemplary diagram of network states when a vBGP component in an SDN network and a virtual machine in a VNF fail successively, according to an embodiment of the present invention. When the vBGP component fails first and VM5 then also fails, the SDN_GW gateway senses the VM5 failure through BFD, and the north-south load-balancing traffic converges on VM6. However, because the vBGP component has failed, the SDN controller cannot receive the route withdrawal information advertised by the SDN_GW gateway, the load-balancing flow table on the vSwitch cannot be refreshed, and east-west traffic (VNF1 accessing VNF2) is hashed according to the five-tuple and sent to the faulty virtual machine VM5, which causes service interruption.
Based on the above analysis, the invention provides a multipath service convergence method in an SDN network and a corresponding apparatus and device, to solve the technical problem that east-west equal-cost multi-path routes cannot converge on a normal virtual machine when the vBGP component fails or loses its connection and one or more virtual machines (VMs) in a VNF service fail or cannot provide service.
The basic idea of the invention is as follows. The SDN controller monitors alarm messages of the vBGP component. When it finds that BGP routing information synchronization is abnormal because the vBGP component is faulty or is disconnected from a gateway or route reflector, the SDN controller actively issues escape flow tables to the virtual switch, so that all forwarding flow tables on the virtual switch that were generated from vBGP routes are invalidated and all east-west service traffic is forwarded by the egress gateway through the escape flow tables. This avoids the situation in which, after the vBGP component fails, part of the east-west service traffic is cut off because a virtual machine in the destination VNF fails and the equal-cost multi-path forwarding flow table on the virtual switch cannot be updated and converged in time, and allows east-west services to converge on a normal virtual machine through the egress gateway.
In the invention, a software and hardware functional module that has BGP route analysis capability and can advertise EVPN routes to, and receive EVPN routes from, devices is called a vBGP component. The software and hardware modules that perform the functions of the SDN controller are referred to as the SDN controller. In general, the vBGP component and the SDN controller may be deployed on the same physical server or deployed separately, and the present invention is not limited in this respect.
The vBGP component may establish a BGP neighbor relationship with a network device (e.g., an SDN_GW gateway, a route reflector RR, etc.), receive routes from the network device and report them to the SDN controller. The SDN controller converts the BGP routes into OpenFlow flow tables and sends them to a virtual switch OVS (e.g., vSwitch1 and vSwitch2), to guide the OVS-side virtual machine in accessing a virtual machine on the hardware switch or in forwarding outbound traffic. Meanwhile, the SDN controller can synchronize the OVS-side virtual machine information to other network devices through the vBGP component. After receiving the route, the network device locally generates a forwarding table entry for the OVS-side virtual machine and guides the leaf-side virtual machine in accessing the OVS-side virtual machine.
Fig. 4 is a schematic flowchart of the steps of a multi-path service convergence method for an SDN network according to an embodiment of the present invention. The method steps in this embodiment comprise the complete procedure of issuing an escape flow table when the vBGP component fails and deleting the escape flow table when the vBGP component recovers. The method includes:
step 401, monitoring the state of a vBGP component by an SDN controller;
the method for monitoring the state of the vBGP component by the SDN controller can be receiving warning messages related to the vBGP component, detecting through heartbeat messages and the like.
Step 402, the SDN controller executes step 403 when monitoring a vBGP component fault, otherwise executes step 413;
in this step, the failure of the bgp component may be a failure of the bgp component itself or a failure of a link between the bgp component and the gateway, where the failure of the bgp component may cause the SDN controller to fail to normally receive the route synchronization information from the bgp component. Whether the vBGP component has a fault or not is detected through a warning message or a heartbeat message mode. For example, the BGP component may report a failure alarm message to the SDN controller, and the SDN controller determines whether the alarm message reported by the BGP component may cause a BGP route synchronization failure. An alarm causing a route synchronization failure between a vBGP component and a network device may cause a failure for a physical port used for synchronous routing; the link overtime is judged as the link disconnection; in addition, a failure of the bgp component itself may also cause a routing synchronization failure, and in this case, the failure may be detected through a heartbeat message mechanism.
Step 403, the SDN controller determines whether a bgp fault escape flow table (abbreviated as escape flow table) has been issued before, and if not, executes step 404; if so, go to step 405;
step 404, when the SDN controller judges that an escape flow table is not sent to the virtual switch before according to the history record, the SDN controller sends the escape flow table to the virtual switch, so that all forwarding flow tables generated through vBGP routing are invalid, and east-west flow is forwarded through an exit gateway;
if the vBGP component has a fault, the forwarding flow tables generated according to the routes reported by the vBGP are likely to have problems, so that the forwarding flow tables generated according to the routes reported by the vBGP are all invalid by issuing the escape flow table, and the controller guides the east-west traffic to the exit gateway by issuing the escape flow table, so that the services can be normally communicated.
Fig. 5 is a schematic diagram illustrating a process of issuing an escape flow table to a virtual switch by an SDN controller according to an embodiment of the present invention. The flow table issued by the SDN controller is divided into a flow table generated according to a route reported by a vBGP component, a flow table generated according to a route reported by a vBGP component and an escape flow table. The priority levels of the three types of flow tables are different, the priority level of the flow table generated according to the route reported by the vBGP component is higher than that of the escape flow table, and the priority level of the escape flow table is higher than that of the flow table generated according to the route reported by the vBGP component. Therefore, when the SDN controller issues the escape flow table to the virtual switch, the flow table generated according to the route reported by the bgp component and having a lower priority may be invalidated, at this time, the eastern-western service traffic sent to the destination NVF may be sent to the egress gateway through the escape flow table, and forwarded to the destination NVF through the egress gateway.
Fig. 6 is a schematic diagram of load balancing service convergence during a failure of a bgp component in an SDN network according to an embodiment of the present invention. In this example, the destination NVF of eastern and western traffic flow of the virtual machine access VNF2 located in the VNF1 is VNF2, when a bgp component in a host where the SDN controller is located loses connection with a gateway SDN _ GW1 or the bgp itself fails, a VM5 in the VNF2 also fails to provide service, and after the SDN controller issues an escape flow table to the vSwitch1, all multi-path load balancing traffic flow of the eastern and western access VNF2 is sent to an egress gateway SDN _ GW1 for forwarding because the priority of the escape flow table is higher than that of a flow table generated according to a route reported by the bgp fault. As shown in fig. 6, when a routing oscillation occurs during a bgp failure, the egress gateway detects that the VM5 fails to converge the route accessing the VNF2 onto the normal virtual machine VM6, where the dotted lines represent transmission paths of the east-west traffic and the north-south traffic after the route convergence. When VNF1 accesses VNF2, traffic is sent to the egress gateway, which forwards the traffic to VM6 on vSwitch2 since only one route on the egress gateway is active (VM 6). Therefore, after the vBGP fault occurs, the multi-path load balancing service flow can still be normally converged.
Step 405, when the SDN controller determines from the history record that an escape flow table has already been issued to the virtual switch, the SDN controller only needs to update the fault record; after the fault record is updated, the flow returns to the step in which the SDN controller monitors the state of the vBGP component;
Because more than one cause may lead to a vBGP route synchronization fault, if the escape flow table has already been issued, only the fault record needs to be updated.
Step 413, when the SDN controller does not detect a vBGP route synchronization fault, the SDN controller judges whether all faults related to the vBGP component have recovered; if all of them have recovered, step 414 is executed, otherwise step 405 is executed;
Step 414, when all faults related to the vBGP component have recovered, routing information is synchronized between the SDN controller and the vBGP component; after the routing information synchronization is completed, the flow table generated according to the route reported by the vBGP component is synchronized between the SDN controller and the virtual switch; and after the flow table synchronization is completed, the SDN controller instructs the virtual switch to delete the vBGP fault escape flow table.
After all faults related to the vBGP component are cleared, route synchronization, also called route smoothing, is performed between the SDN controller and the vBGP component. Through route smoothing, the routes reflecting the current state of the network, as reported by the gateway, are synchronized to the SDN controller through the vBGP component. After the SDN controller obtains the routes for the latest state of the network, it generates a flow table based on the routes reported by the vBGP component and synchronizes the generated flow table to the virtual switch; this flow table synchronization process can also be called flow table smoothing.
After route smoothing and flow table smoothing are completed, the SDN controller can issue a control instruction to delete the vBGP fault escape flow table on the virtual switch. After the escape flow table is deleted, the synchronized forwarding flow table generated according to the route reported by the vBGP component takes effect, so that east-west service traffic can be forwarded directly on the OVS (such as vSwitch1 and vSwitch2) through the large two-layer network (such as a VXLAN tunnel) without detouring through the egress gateway.
When only part of the faults related to the vBGP component have recovered, the SDN controller only needs to update the fault record; after the fault record is updated, the flow returns to the step in which the SDN controller monitors the state of the vBGP component.
In summary, according to the technical solution provided by the present invention, traffic between host Overlays is still offloaded in the east-west direction, all multi-path load balancing service traffic is sent to the egress gateway for forwarding, and the forwarded traffic can converge normally when routes oscillate during a vBGP failure. When the vBGP component returns to normal, flow table smoothing is performed automatically and the traffic returns to east-west offloading.
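The priority ordering of the three flow table types and the recovery sequence of steps 405, 413 and 414 can be modelled as follows. This is an added Python example, not code from the patent; the numeric priorities, the wildcard escape entry, the fault-cause names and the VNF3/VM9 static entry are constructed assumptions, while VNF2, VM5, VM6, SDN_GW1 and vSwitch1 follow Fig. 6.

```python
from dataclasses import dataclass

# Constructed values; only the ordering comes from the text:
# non-vBGP-derived > escape > vBGP-derived.
PRIO_NON_VBGP, PRIO_ESCAPE, PRIO_VBGP = 300, 200, 100


@dataclass(frozen=True)
class Flow:
    dst: str           # destination matched by the entry, "*" = any (assumption)
    priority: int
    next_hops: tuple   # more than one next hop means ECMP
    origin: str        # "vbgp", "non_vbgp" or "escape"


class VSwitch:
    def __init__(self):
        self.flows = []

    def install(self, flow):
        self.flows.append(flow)

    def remove_origin(self, origin):
        self.flows = [f for f in self.flows if f.origin != origin]

    def lookup(self, dst):
        """Return the highest-priority entry matching dst, or None."""
        hits = [f for f in self.flows if f.dst in (dst, "*")]
        return max(hits, key=lambda f: f.priority, default=None)


class Controller:
    def __init__(self, vswitch, gateway):
        self.vswitch, self.gateway = vswitch, gateway
        self.fault_record = set()    # fault causes currently outstanding
        self.escape_issued = False   # the history record checked in step 405

    def sync_routes(self, routes):
        """Route smoothing, then flow table smoothing of vBGP-derived entries."""
        self.vswitch.remove_origin("vbgp")
        for dst, hops in routes.items():
            self.vswitch.install(Flow(dst, PRIO_VBGP, tuple(hops), "vbgp"))

    def on_fault(self, cause):
        """Record the cause; issue the escape entry only the first time."""
        self.fault_record.add(cause)
        if not self.escape_issued:
            self.vswitch.install(
                Flow("*", PRIO_ESCAPE, (self.gateway,), "escape"))
            self.escape_issued = True

    def on_fault_cleared(self, cause, current_routes):
        """Steps 413/414: delete the escape entry only after full recovery."""
        self.fault_record.discard(cause)
        if self.fault_record or not self.escape_issued:
            return False                      # partial recovery: record only
        self.sync_routes(current_routes)      # stale ECMP entries replaced first
        self.vswitch.remove_origin("escape")  # last, so no stale entry goes live
        self.escape_issued = False
        return True


def run_scenario():
    sw = VSwitch()                            # plays the role of vSwitch1
    ctl = Controller(sw, "SDN_GW1")
    sw.install(Flow("VNF3", PRIO_NON_VBGP, ("VM9",), "non_vbgp"))  # constructed
    ctl.sync_routes({"VNF2": ["VM5", "VM6"]})
    seen = {"before": sw.lookup("VNF2").next_hops}

    ctl.on_fault("gateway_session_lost")
    ctl.on_fault("vbgp_process_down")         # second cause: record update only
    seen["escape_entries"] = sum(f.origin == "escape" for f in sw.flows)
    seen["during"] = sw.lookup("VNF2").next_hops
    seen["non_vbgp_during"] = sw.lookup("VNF3").next_hops

    # VM5 failed during the outage; the gateway converged the route onto VM6.
    converged = {"VNF2": ["VM6"]}
    seen["partial"] = ctl.on_fault_cleared("gateway_session_lost", converged)
    seen["still_escaped"] = sw.lookup("VNF2").origin
    seen["full"] = ctl.on_fault_cleared("vbgp_process_down", converged)
    seen["after"] = sw.lookup("VNF2").next_hops
    return seen
```

Deleting the escape entry before flow table smoothing would briefly re-activate the stale VM5/VM6 entry, which is why the model removes it last.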
Fig. 7 is a schematic structural diagram of a multipath service convergence apparatus in an SDN network according to an embodiment of the present invention, and each functional module in the apparatus 700 may be implemented by software, hardware, or a combination of software and hardware. The apparatus 700 is applied to a Software Defined Network (SDN) controller, the SDN controller synchronizes routing information from a virtual border gateway protocol (vBGP) component, and a first virtual switch, a second virtual switch and an egress gateway are interconnected through a large two-layer network, and the apparatus 700 includes:
a synchronization module 701, configured to synchronize routes from the vBGP component, and generate a flow table based on the routes reported by the vBGP component to implement synchronization with the flow table of the virtual switch;
a monitoring module 702, configured to monitor the state of the vBGP component;
an escape flow table issuing module 703, configured to issue an escape flow table to the first virtual switch when a failure of the vBGP component is monitored, where the escape flow table is used to forward east-west traffic sent to the second virtual switch to the egress gateway, and the egress gateway sends the east-west traffic to the second virtual switch;
and an escape flow table deleting module 704, configured to instruct the first virtual switch to delete the escape flow table after it is monitored that the vBGP component has recovered to a normal state, route synchronization is completed between the SDN controller and the vBGP component, and flow table synchronization is completed between the SDN controller and the first virtual switch, so that the east-west traffic sent to the second virtual switch is directly forwarded on the first virtual switch through the large two-layer network.
Further, before a failure of the vBGP component occurs, the routes that the synchronization module 701 synchronizes from the vBGP component include an equal-cost multi-path route of a destination virtualized network function (VNF) reported from an egress gateway or a route reflector, where the destination VNF is located on the second virtual machine side; the synchronization module 701 issues a flow table related to the equal-cost multi-path route of the destination VNF to the first virtual switch according to the route reported by the vBGP component;
after the vBGP component returns to normal, the routes that the synchronization module 701 synchronizes from the vBGP component include the converged equal-cost multi-path route of the destination VNF; the converged equal-cost multi-path route is generated by the egress gateway upon detecting a virtual machine failure in the destination VNF during the vBGP component failure.
Furthermore, the flow table issued by the synchronization module 701 to the first virtual switch is divided into a flow table generated according to the route reported by the vBGP component and a flow table generated not according to the route reported by the vBGP component; the priority of the escape flow table is higher than that of a flow table generated according to the route reported by the vBGP component and lower than that of a flow table generated not according to the route reported by the vBGP component.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, where the electronic device 800 includes: a processor 810 such as a Central Processing Unit (CPU), a communication bus 820, a communication interface 840, and a storage medium 830. Wherein the processor 810 and the storage medium 830 may communicate with each other through a communication bus 820. The storage medium 830 stores a computer program that, when executed by the processor 810, performs the functions of the steps of the method provided by the present invention.
The storage medium may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. In addition, the storage medium may be at least one memory device located remotely from the processor. The Processor may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), etc.; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory memory. The method may be implemented in a computer program using standard programming techniques, including a non-transitory storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose. Further, operations of processes described herein may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
The above description is only an example of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A multi-path service convergence method in an SDN network, applied to a Software Defined Network (SDN) controller, wherein the SDN controller synchronizes routing information from a virtual border gateway protocol (vBGP) component, and a first virtual switch, a second virtual switch and an egress gateway are interconnected through a large two-layer network, the method comprising the following steps:
an SDN controller monitors the state of the vBGP component;
when monitoring a vBGP component fault, an SDN controller issues an escape flow table to a first virtual switch, wherein the escape flow table is used for forwarding east-west service flow sent to a second virtual switch to an egress gateway, and the service flow is sent to the second virtual switch by the egress gateway;
when the SDN controller monitors that the vBGP component is recovered to be normal, routing synchronization is completed between the SDN controller and the vBGP component, and flow table synchronization is completed between the SDN controller and the first virtual switch, the SDN controller instructs the first virtual switch to delete the escape flow table, so that east-west traffic flow sent to the second virtual switch is directly forwarded on the first virtual switch through a large two-layer network.
2. The method of claim 1, further comprising:
before the failure of the vBGP component occurs, the routes synchronized by the SDN controller from the vBGP component include an equal-cost multi-path route of a destination Virtualized Network Function (VNF) reported from an egress gateway or a route reflector, the destination VNF being located on the side of the second virtual machine; the SDN controller issues a flow table related to the equal-cost multi-path route of the destination VNF to the first virtual switch according to the route reported by the vBGP component;
after the vBGP component returns to normal, the routes synchronized by the SDN controller from the vBGP component include the converged equal-cost multi-path route of the destination VNF; the converged equal-cost multi-path route is generated by the egress gateway upon detecting a virtual machine failure in the destination VNF during the vBGP component failure.
3. The method of claim 1,
the flow table issued by the SDN controller to the first virtual switch is divided into a flow table generated according to the route reported by the vBGP component and a flow table generated not according to the route reported by the vBGP component;
the priority of the escape flow table is higher than that of a flow table generated according to the route reported by the vBGP component and lower than that of a flow table generated not according to the route reported by the vBGP component.
4. The method of claim 2,
the egress gateway detects whether a virtual machine in the destination VNF has failed by means of Bidirectional Forwarding Detection (BFD);
the large two-layer network is a virtual extensible local area network (VXLAN).
5. A multi-path service convergence device in an SDN network, applied to a Software Defined Network (SDN) controller, wherein the SDN controller synchronizes routing information from a virtual border gateway protocol (vBGP) component, and a first virtual switch, a second virtual switch and an egress gateway are interconnected through a large two-layer network, the device comprising:
a synchronization module, used for synchronizing routes from the vBGP component and generating a flow table based on the routes reported by the vBGP component to realize synchronization with the flow table of the virtual switch;
a monitoring module, used for monitoring the state of the vBGP component;
an escape flow table issuing module, used for issuing an escape flow table to the first virtual switch when a vBGP component fault is monitored, wherein the escape flow table is used for forwarding east-west service traffic sent to the second virtual switch to the egress gateway, and the egress gateway sends the east-west service traffic to the second virtual switch;
and an escape flow table deleting module, used for instructing the first virtual switch to delete the escape flow table after it is monitored that the vBGP component has recovered to normal, route synchronization between the SDN controller and the vBGP component is completed, and flow table synchronization between the SDN controller and the first virtual switch is completed, so that the east-west traffic sent to the second virtual switch is directly forwarded on the first virtual switch through the large two-layer network.
6. The apparatus of claim 5,
before the failure of the vBGP component occurs, the routes that the synchronization module synchronizes from the vBGP component include an equal-cost multi-path route of a destination Virtualized Network Function (VNF) reported from an egress gateway or a route reflector, where the destination VNF is located on the side of the second virtual machine; the synchronization module issues a flow table related to the equal-cost multi-path route of the destination VNF to the first virtual switch according to the route reported by the vBGP component;
after the vBGP component returns to normal, the routes that the synchronization module synchronizes from the vBGP component include the converged equal-cost multi-path route of the destination VNF; the converged equal-cost multi-path route is generated by the egress gateway upon detecting a virtual machine failure in the destination VNF during the vBGP component failure.
7. The apparatus of claim 5,
the flow table issued by the synchronization module to the first virtual switch is divided into a flow table generated according to the route reported by the vBGP component and a flow table generated not according to the route reported by the vBGP component;
the priority of the escape flow table is higher than that of a flow table generated according to the route reported by the vBGP component and lower than that of a flow table generated not according to the route reported by the vBGP component.
8. The apparatus of claim 6,
the egress gateway detects whether a virtual machine in the destination VNF has failed by means of Bidirectional Forwarding Detection (BFD);
the large two-layer network is a virtual extensible local area network (VXLAN).
9. An electronic device is characterized by comprising a processor, a communication interface, a storage medium and a communication bus, wherein the processor, the communication interface and the storage medium are communicated with each other through the communication bus;
a storage medium for storing a computer program;
a processor for performing the method steps of any one of claims 1 to 4 when executing a computer program stored on a storage medium.
10. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 4.
CN202111148937.XA 2021-09-29 2021-09-29 Multipath service convergence method, device and storage medium in SDN network Active CN113992571B (en)

Publications (2)

Publication Number Publication Date
CN113992571A (en) 2022-01-28
CN113992571B (en) 2024-02-09

Family

ID=79737172

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant